[Unit]
Description=Health Check Service for Failover System
Documentation=man:systemd.service(5)
After=network.target
Wants=network.target

[Service]
Type=oneshot
User={{ failover_user | default('root') }}
Group={{ failover_group | default('root') }}
ExecStart=/usr/local/bin/health_check.py
WorkingDirectory=/etc/failover
Environment=PYTHONPATH=/usr/local/lib/python3/site-packages
Environment=CONFIG_FILE=/etc/failover/config.yml

# 日志配置
StandardOutput=journal
StandardError=journal
SyslogIdentifier=health-check

# 安全配置
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/log/failover /var/lib/failover /etc/failover

# 资源限制
MemoryMax={{ failover_memory_limit | default('256M') }}
CPUQuota={{ failover_cpu_quota | default('50%') }}

# 重启策略
Restart=no
TimeoutStartSec=60
TimeoutStopSec=30

[Install]
WantedBy=multi-user.target